Unrated severityNVD Advisory· Published Dec 21, 2021· Updated Aug 3, 2024
WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection
CVE-2021-24750
Description
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WP Visitor Statistics (Real Time Traffic)description
- Range: <4.8
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.htmlmitrex_refsource_MISC
- plugins.trac.wordpress.org/changeset/2622268mitrex_refsource_CONFIRM
- wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620demitrex_refsource_MISC
News mentions
0No linked articles in our index yet.